May 25th, 2018 new legislation entered into force regarding the protection of personal data, therefore we are now informing you about the processing of personal data under the Regulation of the European Parliament and of the Council (EU) No. 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR") and the Act No. 18/2018 Z. z. on Personal Data Protection and on Amendments to Certain Acts.

The Controller: Top privacy s.r.o., Robotnícka 11591/1J 036 01 Martin, Company's ID No.: 51421291, e-mail address: info@topprivacy.sk in connection with its operations, processes personal data for various purposes, mostly the processing of personal data is required by a special law or international agreement that is binding for the Slovak Republic.

We would like to also inform you about the manner in which we handle your personal data and about your rights and the legal bases of the processing of personal data.  While becoming familiar with the information under Articles 13 and 14 of GDPR, you may encounter terms that are defined as follows:

Definition of Basic Terms

  1. means, as regards a controller with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions is to be considered to be the main establishment,
  2. as regards a processor with establishments in more than one Member State, the place of its central administration in the Union, or, if the processor has no central administration in the Union, the establishment of the processor in the Union where the main processing activities in the context of the activities of an establishment of the processor take place to the extent that the processor is subject to specific obligations under GDPR and the Act No. 18/2018 Z. z.,

In the next section you will find the names of information systems, which are divided according to the purpose of personal data processing, each containing detailed information under Articles 13 and 14 of GDPR, giving you a detailed explanation of why and how we process your personal data.

Purposes of personal data processing

The Controller processes personal data of employees in the following information systems:

  1. PAYROLL A HUMAN RESOURCES,
  2. RECORDS MANAGEMENT,
  3. ACCOUNTING DOCUMENTS,
  4. PROMOTION,

The Controller processes personal data of business partners in the following information systems:

  1. RECORDS MANAGEMENT,
  2. ACCOUNTING DOCUMENTS,
  3. BUSINESS PARTNERS,
  4. MARKETING AS THE CONTROLLER'S LEGITIMATE INTEREST,

The Controller processes personal data of clients in the following information systems:

  1. RECORDS MANAGEMENT,
  2. ACCOUNTING DOCUMENTS,
  3. CLIENTS,
  4. MARKETING AS THE CONTROLLER'S LEGITIMATE INTEREST,
  5. PREVENTION AGAINST LEGALISATION OF PROCEEDS OF CRIME.

The Controller processes personal data of managing directors in the following information systems:

  1. BENEFICIAL OWNER,
  2. PAYROLL A HUMAN RESOURCES,
  3. ACCOUNTING DOCUMENTS,
  4. PROMOTION,

 The Controller processes personal data of website visitors in the following information systems:

  1. COOKIES,
  2. CONTACT FORM.

Last but not least, we would like to inform you of your rights under GDPR and Act No. 18/2018 Coll. on personal data protection as amended by certain acts.

A data subject has the right to access his/her data. At the request of a data subject, the controller shall issue a certificate whether personal data related to the data subject is processed. Where the controller processes such personal data, it shall issue a copy of the personal data at the request of the data subject. Where the data subject requests information by electronic means, the data subject shall be provided the information in a commonly used electronic form, via e-mail, unless the information is explicitly requested to be provided in a different manner.

The data subject shall have the right to rectification of personal data if the controller has inaccurate personal data concerning him or her. At the same time the data subject has the right to complete incomplete personal data. The controller shall correct or complete personal data without undue delay after being requested to do so by the data subject.

The data subject has the right to erasure (right to be forgotten) of personal data relating to him or her, provided that:

  1. personal data is no longer needed for the purposes for which it was obtained or otherwise processed,
  2. the data subject withdraws consent on which the processing is based,
  3. the data subject objects to the processing of personal data,
  4. the personal data has been unlawfully processed,
  5. the personal data have to be erased for compliance with a legal obligation, special law or an international agreement by which the Slovak Republic is bound, or
  6. personal data has been collected in connection with the offer of information society services to a person under 16 years of age.

The data subject shall not have the right to erasure of personal data provided that the processing is necessary:

  1. for exercising the right of freedom of expression and information,
  2. to comply with an obligation under legislation, special law or international agreement binding the Slovak Republic, or to perform a task carried out in the public interest or in the exercise of official power vested in the controller.
  3. for reasons of public interest in the area of public health,
  4. for archiving purposes in the public interest, for purposes of scientific or historical research or for statistical purposes, provided that is likely that the right to erasure prevents or seriously impedes the achievement of the objectives of such processing, or
  5. for the establishment, exercise or defence of legal claims.

The controller shall erase personal data of the data subject upon request and without undue delay after it assesses the request of the data subject as reasoned.

The data subject has the right to restrict processing of personal data where the following applies:

  1. the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  2. the processing is unlawful, and the data subject requests the restriction of the use of the personal data instead erasing it;
  3. the Controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims,
  4. the data subject has objected to personal data processing on the basis of legitimate claims of the controller until verification whether the legitimate grounds of the controller override those of the data subject.

Where the data subject has requested to restrict the processing of his or her personal data, the controller shall not carry out any processing operations with the data concerned except storage, without the consent of the data subject.

The controller shall inform the data subject in the event the restriction of processing of this data is lifted.

The data subject has the right to data portability which means obtaining personal data it has given to the Controller with the right to transfer such data to another controller in commonly used and machine-readable format, provided that the personal data has been obtained with the consent of the data subject or under an agreement and its processing is carried out by automated means.

The data subject has the right to object to the processing of personal data concerning his or her on grounds relating to his or her particular situation at any time. The data subject may object to the processing of personal data on the following grounds:

  1. a legal title for the performance of tasks carried out in the public interest or in the exercise of official authority or a legal title of the legitimate interest of the controller,
  2. processing of personal data for direct marketing purposes,
  3. processing for the purposes of scientific or historical research or statistical purposes.

If the data subject objects to the processing of personal data for the purposes of direct marketing, the controller may not further process his or her personal data.

The controller shall assess any objection delivered within a reasonable period. The controller shall not further process personal data, unless it proves that there are inevitable legitimate interests for the processing of personal data that outweigh the rights or interests of the data subject, or reasons for exercise of a legal claim.

The data subject shall have the right not to be subject to a decision based on automated processing, including profiling, which produces any effects concerning him or her if the controller processes personal data by profiling, or a similar method based on automated individual decisions.

The data subject shall have the right to withdraw at any time his or her consent to the processing of personal data where such processing of personal data was based on this legal basis. The data subject withdraws his or her consent in a manner provided in the consent or in this information, if there is no such information, (s)he shall withdraw consent by contacting the controller with its request in any chosen way. The controller's contact details are provided above. Lawfulness of the processing of personal data before the withdrawal of consent on the basis of the consent given shall not be affected by its withdrawal.

The data subject has the right to file a complaint / initiate proceedings with the supervisory authority – the Office for Personal Data Protection of the Slovak Republic, Hraničná 4826/12, 820 07 Bratislava - Ružinov, phone number: +421 /2/ 3231 3214; mail: statny.dozor@pdp.gov.sk , https://dataprotection.gov.sk, if it considers that his or her rights have been violated in the field of personal data protection. If the application is submitted electronically, it is necessary that it complies with the requirements pursuant to Section 19(1) of the Act No. 71/1967 Zb. on Administrative Procedure (The Code of Administrative Procedure).

The data subject may address his or her comments and requests concerning the processing of personal data to the controller in writing or by electronic means using the contact details provided above.